Security Rule: Required Items

Standards Sections Implementation Specifications (R)=Required, (A)=Addressable
Security Management Process [164.308(a)(1)] Risk Analysis (R)
Risk Management (R)
Sanction Policy (R)
Information System Activity Review (R)
Assigned Security Responsibility [164.308(a)(2)] (R)
Information Access Management [164.308(a)(4)] Isolating Healthcare Clearinghouse Function (R)
Security Incident Procedures [164.308(a)(6)] Response and Reporting (R)
Contingency Plan [164.308(a)(7)] Data Backup Plan (R)
Disaster Recovery Plan (R)
Emergency Mode Operation Plan (R)
Evaluation [164.308(a)(8)] (R)
Business Associate Contracts and Other Arrangement. [164.308(b)(1)] Written Contract or Other Arrangement (R)
Workstation Use [164.310(b)] (R)
Workstation Security [164.310(c)] (R)
Device and Media Controls [164.310(d)(1)] Disposal (R)
Media Re-use (R)
Access Control [164.312(a)(1)] Unique User Identification (R)
Emergency Access Procedure (R)
Audit Controls [164.312(b)] (R)
Person or Entity Authentication [164.312(d)] (R)